Groups without passwords

Users connected to a group's user ID have certain permissions. A user belonging to a group would have ownership permissions
over any tables in the database created in the name of the group's user ID.

It is possible to set up a database so that only the DBA handles groups and their database objects, rather than permitting
other user IDs to make changes to group membership. You can do this by disallowing connection as the group's user ID when
creating the group. To do this, enter the CREATE USER statement without a password. The following statement creates a user
ID personnel:

CREATE USER personnel;

This user ID can be granted group permissions, and other user IDs can be granted membership in the group, inheriting any permissions
that have been given to personnel. However, nobody can connect to the database using the personnel user ID because it has
no valid password.

The user ID personnel can be an owner of database objects, even though no user can connect to the database using this user
ID. The CREATE TABLE statement, CREATE PROCEDURE statement, and CREATE VIEW statement all allow the owner of the object to
be specified as a user other than that executing the statement. Only a user with DBA authority can perform this assignment
of ownership.